Topic: Why using stunnel via NAT only? (Read 3534 times)
8191 (Jr. Member, Posts: 83, Karma: 4) on August 02, 2020, 09:24:11 am:
Hi,
the stunnel documentation as well as the GUI help on the plugin's configuration mention that it's safest to bind stunnel to localhost only and use NAT to forward traffic to stunnel. On the other hand, the online help for NAT mentions that NAT should not be used as a security measure.
So my question would be:
Why does the author of the stunnel plugin consider binding to a loopback address more secure than binding to the interface address, which is protected by pf anyway?
Thanks and BR
Manuel
fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.)), Reply #1 on August 02, 2020, 02:05:41 pm:
The lo0 interface will not go down so a network outage or IP address renew will not crash the daemon. If you have a static IP and a stable connection, it should not make a difference.
The alternative is to bind to all IP addresses with 0.0.0.0 and ::
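
The three bind targets mentioned in this reply behave differently at the socket level, which the following Python script makes visible. It is an added example, not part of the original post and not code from the stunnel plugin; 192.0.2.10 is a constructed placeholder (TEST-NET-1) for an interface address the host does not currently hold.

```python
import errno
import socket

# Constructed sample addresses (assumptions, not from the thread):
# 192.0.2.10 is from TEST-NET-1 (RFC 5737) and stands in for a WAN address
# that is currently not assigned, e.g. during a DHCP renew or link outage.
LOOPBACK = "127.0.0.1"
WILDCARD = "0.0.0.0"
MISSING_WAN = "192.0.2.10"


def try_bind(address, port=0):
    """Try to open a TCP listener on address; return (ok, detail)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((address, port))  # port 0 lets the OS pick a free port
        sock.listen(1)
        return True, "listening on %s:%d" % sock.getsockname()
    except OSError as exc:
        # Report the symbolic errno name, e.g. EADDRNOTAVAIL
        return False, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def exposure(address):
    """Describe who can reach a listener on address before any filtering."""
    if address.startswith("127."):
        return "local host only; remote clients need a redirect (NAT)"
    if address == WILDCARD:
        return "every address on every interface; firewall rules decide"
    return "that one address; bind fails while it is not assigned"


def survey(addresses=(LOOPBACK, WILDCARD, MISSING_WAN)):
    """Return {address: (ok, detail, exposure)} for each bind target."""
    return {a: try_bind(a) + (exposure(a),) for a in addresses}


if __name__ == "__main__":
    for addr, (ok, detail, reach) in survey().items():
        status = "ok" if ok else "FAIL"
        print("%-12s %-4s %-28s %s" % (addr, status, detail, reach))
```
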
8191 (Jr. Member, Posts: 83, Karma: 4), Reply #2 on August 02, 2020, 09:40:23 pm:
Thanks for the explanation! So the reason is more a stability issue than a security issue?